Allowing all sites access

Martin Atkins mart at
Wed May 18 14:30:07 PDT 2005

Andrew Ducker wrote:
> I've been trying to work out a reason I wouldn't allow any site to 
> verify that is me - they 
> can't think to check that address unless I type it in, and if they do, 
> all it can check is that I'm also logged in as that user on that site.
> That being the case, will it be possible to state that I'd like to 
> authorise all sites to verify my identity, rather than authorise them 
> one at a time?

The authorization state is stored within each ID server, so that's not 
really feasible.

The only way LiveJournal can verify non-LJ URLs is by including a hash 
of your username in the identity server URL. Since you control your 
Identity URL, you decide which username is hashed and included in the 
URL and thus can control which LJ user is able to assert that identity.

Theoretically you could also have each identity server keep a list of 
assertable identities, but even in that case each identity server would 
have to be approved separately as identity servers don't talk to each 
other (necessarily).

More information about the yadis mailing list